michaelh/zephyr
1
0
Fork 0
Code Releases Activity

mcumgr: BT SMP transport config for authenticated requirement

Browse source 
This commit introduces a new Kconfig symbol MCUMGR_SMP_BT_AUTHEN.
When selected it configures the Bluetooth mcumgr transport to require
an authenticated connection.

If the Bluetooth mcumgr transport is selected then this new symbol is
selected by default.  Bluetooth SMP is also selected to ensure Zephyr
is configured with Bluetooth security features enabled to provide
Bluetooth authentication APIs to the user's app.  Users can choose to
disable this level of security for the Bluetooth mcumgr transport if
they do not require it.

Fixes #16482

Signed-off-by: Nick Ward <nix.ward@gmail.com>
This commit is contained in:
Nick Ward 2019-11-07 23:34:14 +11:00 committed by Anas Nashif
commit b5f335b11b
5 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
samples/boards/nrf/mesh/onoff_level_lighting_vnd_app/prj_smp_svr.conf
View file

@ -8,8 +8,9 @@ CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_BT_L2CAP_TX_MTU=260 CONFIG_BT_L2CAP_TX_MTU=260
CONFIG_BT_RX_BUF_LEN=260 CONFIG_BT_RX_BUF_LEN=260
# Enable the Bluetooth and shell mcumgr transports. # Enable the Bluetooth (unauthenticated) and shell mcumgr transports.
CONFIG_MCUMGR_SMP_BT=y CONFIG_MCUMGR_SMP_BT=y
CONFIG_MCUMGR_SMP_BT_AUTHEN=n
#CONFIG_MCUMGR_SMP_SHELL=y #CONFIG_MCUMGR_SMP_SHELL=y
#CONFIG_MCUMGR_SMP_UART=y #CONFIG_MCUMGR_SMP_UART=y

3
samples/subsys/mgmt/mcumgr/smp_svr/prj.conf
View file

@ -11,8 +11,9 @@ CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_BT_L2CAP_TX_MTU=260 CONFIG_BT_L2CAP_TX_MTU=260
CONFIG_BT_RX_BUF_LEN=260 CONFIG_BT_RX_BUF_LEN=260
# Enable the Bluetooth and shell mcumgr transports. # Enable the Bluetooth (unauthenticated) and shell mcumgr transports.
CONFIG_MCUMGR_SMP_BT=y CONFIG_MCUMGR_SMP_BT=y
CONFIG_MCUMGR_SMP_BT_AUTHEN=n
CONFIG_MCUMGR_SMP_SHELL=y CONFIG_MCUMGR_SMP_SHELL=y
#CONFIG_MCUMGR_SMP_UART=y #CONFIG_MCUMGR_SMP_UART=y

3
samples/subsys/mgmt/mcumgr/smp_svr/prj_tiny.conf
View file

@ -15,8 +15,9 @@ CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_BT_L2CAP_TX_MTU=260 CONFIG_BT_L2CAP_TX_MTU=260
CONFIG_BT_RX_BUF_LEN=260 CONFIG_BT_RX_BUF_LEN=260
# Enable the Bluetooth and UART mcumgr transports. # Enable the Bluetooth (unauthenticated) and UART mcumgr transports.
CONFIG_MCUMGR_SMP_BT=y CONFIG_MCUMGR_SMP_BT=y
CONFIG_MCUMGR_SMP_BT_AUTHEN=n
#CONFIG_MCUMGR_SMP_SHELL=y #CONFIG_MCUMGR_SMP_SHELL=y
CONFIG_MCUMGR_SMP_UART=y CONFIG_MCUMGR_SMP_UART=y

9
subsys/mgmt/Kconfig
View file

@ -14,6 +14,15 @@ config MCUMGR_SMP_BT
help help
Enables handling of SMP commands received over Bluetooth. Enables handling of SMP commands received over Bluetooth.
config MCUMGR_SMP_BT_AUTHEN
bool "Authenticated requirement for Bluetooth mcumgr SMP transport"
depends on MCUMGR_SMP_BT
select BT_SMP
default y
help
Enables encrypted and authenticated connection requirement to
Bluetooth SMP transport.
config MCUMGR_SMP_SHELL config MCUMGR_SMP_SHELL
bool "Shell mcumgr SMP transport" bool "Shell mcumgr SMP transport"
select MCUMGR select MCUMGR

12
subsys/mgmt/smp_bt.c
View file

@ -76,9 +76,19 @@ static struct bt_gatt_attr smp_bt_attrs[] = {
BT_GATT_CHARACTERISTIC(&smp_bt_chr_uuid.uuid, BT_GATT_CHARACTERISTIC(&smp_bt_chr_uuid.uuid,
BT_GATT_CHRC_WRITE_WITHOUT_RESP | BT_GATT_CHRC_WRITE_WITHOUT_RESP |
BT_GATT_CHRC_NOTIFY, BT_GATT_CHRC_NOTIFY,
#ifdef CONFIG_MCUMGR_SMP_BT_AUTHEN
BT_GATT_PERM_WRITE_AUTHEN,
#else
BT_GATT_PERM_WRITE, BT_GATT_PERM_WRITE,
#endif
NULL, smp_bt_chr_write, NULL), NULL, smp_bt_chr_write, NULL),
BT_GATT_CCC(smp_bt_ccc_changed, BT_GATT_PERM_READ | BT_GATT_PERM_WRITE), BT_GATT_CCC(smp_bt_ccc_changed,
#ifdef CONFIG_MCUMGR_SMP_BT_AUTHEN
BT_GATT_PERM_READ_AUTHEN |
BT_GATT_PERM_WRITE_AUTHEN),
#else
BT_GATT_PERM_READ | BT_GATT_PERM_WRITE),
#endif
}; };
static struct bt_gatt_service smp_bt_svc = BT_GATT_SERVICE(smp_bt_attrs); static struct bt_gatt_service smp_bt_svc = BT_GATT_SERVICE(smp_bt_attrs);